Tenable — the Exposure Management company, has disclosed that its Tenable Cloud Research Team has discovered a high-severity vulnerability in Azure that affects more than 10 Azure services, including Azure Application Insights, Azure DevOps, Azure Machine Learning, Azure API Management and Azure Logic Apps. Microsoft does not plan to issue a patch for this vulnerability. Instead, it has created centralised documentation to inform customers about usage patterns for service tags.
The vulnerability allows a malicious attacker to bypass firewall rules based on Azure Service Tags by forging requests from trusted services. A threat actor could exploit Service Tags that have been allowed through a user’s firewall if there are no additional validation controls. By exploiting this vulnerability, an attacker could gain access to an organisation’s Azure service and other internal and private Azure services.
“This vulnerability enables an attacker to control server-side forge requests, thus impersonating trusted Azure services,” explains Liv Matan, senior research engineer, Tenable. “We highly recommend customers take immediate action. By ensuring that strong network authentication is maintained, users can defend themselves with an additional and crucial layer of security.”
Azure customers whose firewall rules rely on Azure Service Tags for security are at risk from this vulnerability and should take immediate action to mitigate the issue to ensure they are protected by robust layers of authentication and authorization.
More information, including the team’s technical findings and proof of concept, has been published on the Tenable blog and in the technical advisory.
Discussion about this post